CVE-2021-42524: 
NixOS vulnerability analysis and mitigation

Adobe Animate version 21.0.9 and earlier versions were affected by an out-of-bounds write vulnerability identified as CVE-2021-42524. The vulnerability was discovered and disclosed in October 2021, requiring user interaction where a victim must open a malicious BMP file to trigger the exploit (NVD, ZDI).

The vulnerability is classified as an out-of-bounds write vulnerability (CWE-787) that occurs during the parsing of BMP images. The issue stems from improper validation of user-supplied data, which can result in a write operation past the end of an allocated structure. The vulnerability received a CVSS v3.0 base score of 7.8 (High) with the vector string CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (ZDI, NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. The attacker could potentially execute malicious code with the same privileges as the compromised application (NVD, ZDI).

Adobe has released security updates to address this vulnerability. Users are advised to update their Adobe Animate installations to the latest version available through the standard Adobe update channels (ZDI).

The vulnerability was part of a larger Adobe security update that addressed 92 vulnerabilities across 14 products. The discovery was credited to Tran Van Khang (khangkito) from VinCSS, who reported it through the Zero Day Initiative program (Threatpost, ZDI).